CVE-2021-28799
QNAP NAS Improper Authorization Vulnerability
CVSS
—
No CVSS
EPSS
78.3%
p100
KEV
YES
Mar 31, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
78.3%EPSS · 30 days78.4%
2026-06-302026-07-16
Product
QNAP / Network Attached Storage (NAS)
Vulnerability
QNAP NAS Improper Authorization Vulnerability
Added to KEV
Mar 31, 2022
Remediate by
Apr 21, 2022
Known ransomware use
Yes
Summary description
QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-28799